Forming a “Think Tank” on Trustworthy Computing

REDMOND, Wash., Feb. 20, 2003 — The academic experts assembled at the Microsoft campus today have their work cut out for them. As members of the new Microsoft Trustworthy Computing Academic Advisory Board, theyve been asked to give scrutiny and advice on an ambitious company-wide initiative that aims to provide safe, private and reliable computing experiences for everyone.

To learn the why and what-for behind the group and its first two-day meeting, PressPass convened a group of its own. Joining the roundtable discussion are David Ladd , manager of external research programs for Trustworthy Computing at Microsoft Research, and two advisory board members, Dr. Fred B. Schneider , a professor at Cornell University in Ithaca, N.Y., and Dr. Neeraj Suri , a professor at TU Darmstadt University in Darmstadt, Germany, near Frankfurt.

Ladd: Microsoft has long had relationships with academic experts on an individual basis, and weve received excellent feedback and interaction by doing so. We felt it would be an even better idea to bring the experts together, present them with our business and technical challenges, and have the group synthesize their comments and solutions. Essentially, its a think tank on Trustworthy Computing.

PressPass: What function will the advisory board serve?

Ladd: The goal is to learn from each other. By turning to academia for advice and direction, Microsoft can avoid taking missteps in technology areas that others may have researched in depth already. Plus, we know Microsoft initiatives can benefit from scrutiny by outside experts who dont have preconceived notions about how something should be accomplished, from both a technology and policy perspective. Microsoft has long realized that to achieve needed systemic change, its important to involve academia early on.

But we also view this board as a two-way education channel. Ultimately, wed like to see academia work with the industry to inculcate more security concepts into a technical education, because its not just a technology problem or a computer science problem. Its a social problem. If we at Microsoft work with academia to make sure they have the resources, time and information to infuse Trustworthy Computing concepts into education, the result will be graduates who are much more adept at understanding a secure computing environment.

PressPass: Which Microsoft group created the advisory board?

Ladd: The advisory board was formed as the result of long-term discussions among the Trustworthy Computing strategy team, Microsoft Research University Relations and Microsofts Security Business Unit. All three groups have been working on the Trustworthy Computing initiative since it was launched in January 2002.

PressPass: What expertise do the academics bring to the table?

Ladd: Many of the 19 board members are experts in Trustworthy Computing issues that Microsoft is already working on. For example, some have expertise in cryptography or malicious code. Others are extremely well-versed in programming languages, compilers and tool modifications that can minimize errors in the software development process. Some are testing specialists. Some are experts in fault-tolerance and distributed computing. When we created the board, we were keenly aware that we wanted it to reflect expertise in all the major technology areas. In addition, we have a Privacy Committee that consists of five legal specialists with significant experience in privacy-enabling technologies and privacy policies.

PressPass: Dr. Schneider, can you summarize your background with regard to Trustworthy Computing?

Schneider: At present, Im the director of the Information Assurance Institute at Cornell University and the chief scientist for the newly formed Griffiss Institute for Information Assurance.

I served as the chairman of the
“Information Systems Trustworthiness”
study for the Computer Science and Telecommunications Board of the National Academy of Sciences. My research focuses on techniques to support the construction of concurrent and distributed systems for high-integrity, mission-critical settings, and these days I am concentrating on security questions.

PressPass: Professor Suri, whats your area of specialty?

Suri: The primary area of my research addresses embedded systems, and specifically, composite issues in “Dependability and Real-Time” in distributed and networked systems. These encompass system design, architectural, algorithmic and operating system issues related to providing dependability and real-time attributes in high-performance systems, as well as the more challenging — and real — problem of combined provision of dependability and real-time in safety-critical, service-critical and money-critical systems.

PressPass: What prompted you to serve on this advisory board?

Suri: As we reach new thresholds of our intertwining with technology, Microsofts Trustworthy Computing Academic Advisory Board is a remarkably timely and pertinent initiative. This forum presents a unique opportunity for academics to critically relate, analyze and critique concepts with real-world implementations, reflect on current practices and chart out new ideologies — scientific, social, legal and implementational — in the provisioning of trust and security.

PressPass: Dr. Schneider, what led you to join the board?

Schneider: I measure my success as a university researcher in terms of the impact I have.

Helping Microsoft increase the trustworthiness of its systems would have an enormous impact on the computing landscape, so I see participation on this board as a highly leveraged use of my time.

If Microsoft can raise the bar on system trustworthiness, then not only will the entire industry be better off, but our society’s transition to increased use of computing will also be on a sounder footing.

Second, I expect that my participation on the board will inform my research at Cornell.

Direct exposure to real problems in real settings helps ensure that my research is addressing important problems and is based on sensible assumptions.

While I find the isolation and independence of the “Ivy Tower” valuable, I also find direct involvement in industry to be a very useful input.

PressPass: In your opinion, what key challenges does the industry — and Microsoft — face in achieving Trustworthy Computing?

Schneider: The entire industry needs to place a higher priority on building trustworthy systems, even though this means building systems that have fewer features and that take longer to deploy because of increased development times.

But also the public needs to better understand the limits on the trustworthiness of todays systems and to appreciate the consequences of not having trustworthiness. Educating the public about risks and consequences is a job that the industry shares with those of us who use systems and those who study them.

PressPass: How do you envision this board helping Microsoft overcome those challenges?

Schneider: Im hopeful that this board will provide an objective and informed voice on security matters, and that its a voice Microsoft can and will embrace.

Our focused discussions over a long period could provide Microsoft with not only a place to vet new solutions but also a constant and undiluted set of values about trustworthiness, creating a palpable presence in the Microsoft corporate conscience.

Our board becomes a set of real people that Microsoft is willing to take seriously — rather than a disembodied din — advocating for trustworthiness and for the aesthetic in design and corporate culture that will be required.

PressPass: Professor Suri, can you speak to the need for Trustworthy Computing based on your own experience?

Suri: It goes without saying that our daily lives are increasingly enmeshed with the use of technology — cars, planes, banking, e-transactions, e-business, e-mail — to the point that disruption of these services has both service-critical and money-critical ramifications. Technology only offers meaningful value if we can associate a level of trust on the delivery of its services.

PressPass: You live and work in Germany. Do you see international implications to Trustworthy Computing?

Suri: Trust and security are without physical borders. The Internet has become a great harmonizer, adding transparency in linking service requests and delivery. Transparency of the data transfer media, and related underlying procedures to deliver the service, is wonderful to the consumer. However, transparency comes at a cost. One, lesser control of the transaction details becomes a factor, and two, the public nature of the communication media makes trust and security more than just a scientific concern. Transparency also opens up issues of how and where infringements can take place, and in places where the legal perspectives on information access may differ, for example, across the United States and Europe. To make a complete transaction trustworthy without full control of the elemental processes is indeed a challenge.

PressPass: What does this mean in terms of the Trustworthy Computing Academic Advisory Board?

Suri: The international nature of the group is all the more important given the delicate interplay offered by the varied cultural and legal nuances of trust and security across the United States, Europe and the world. Trust in the e-world is not an option any more. It behooves us, socially, economically and scientifically, to ensure that trust in a system becomes a foundational premise.

PressPass: Did Microsoft take international issues into account when forming the Trustworthy Computing Academic Advisory Board?

Ladd: Trustworthy computing is something we definitely want global input on. The fact that this is an international board means that in many cases, board members from the international academic community will be able to give us a sense of how issues might manifest in, for example, the European Union or the Asia-Pacific region.

We have seen definite global differences, especially from a privacy perspective. For example, the European Union has significantly different laws on the books with regard to the type of information that companies can present and collect. And looking at those policy directives could impact the way we deliver the technology, too. We may have to have certain assurances of doing something in a particular way, which in turn may require architectural changes. Thats why being proactive and talking to academic experts early in a development cycle is so important to us.

PressPass: Why doesnt the board include government and industry representatives as well as academics?

Ladd: Microsoft has other venues for input on security and privacy issues from government and industry. We wanted this board focused on academics and the perspective they offer.

PressPass: What sorts of topics will the board tackle over the next two days?

Ladd: We built the agenda for this first meeting around the issues that we believe need to be addressed most urgently. For example, various Microsoft groups will introduce topics such as ongoing initiatives in Windows security, general security business initiatives, the product innovations under development in the Security Business Unit, and technology issues related to Microsoft Internet Explorer and Office. Board members will also discuss future platform innovations such as the next generation secure computing base for Windows — the secure hardware/software PC solution that Microsoft is working on with Intel — and they will talk about Microsoft Research initiatives and how those play into Trustworthy Computing.

PressPass: What will Microsoft do with the boards input?

Ladd: We will pay close attention to the comments, determine whether any suggestions are policy-based or technology-based, and work to extract a series of action items from the boards discussions over time. We expect to act on board recommendations insofar as they mesh with changing business conditions and complement Microsofts business model.

Ladd: We envision meeting with the academic advisory board on a twice-yearly basis and, as with this first meeting, presenting the topics that Microsoft perceives to be of greatest importance. Our initial thinking was at least a three-year lifespan for the group, but given the nature of security issues, its more likely to endure longer.